2 matches found
CVE-2024-45855
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...
CVE-2024-45855
CVE-2024-45855 affects MindsDB platform (versions 23.10.2.0 and newer) where deserialization of untrusted data during the finetune process can allow a maliciously uploaded model to execute arbitrary code on the server. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with c...